csrf_failure: Update error page.

Switches from Django's default error page to Zulip standard error
template.  Also updates template for 405 error code to not use the 404
art.

Fixes #25626.
This commit is contained in:
sanchi-t 2024-01-10 09:58:14 +05:30 committed by Tim Abbott
parent c58c12911c
commit 0a626f5e3c
4 changed files with 55 additions and 7 deletions

View File

@ -13,11 +13,7 @@
<img src="{{ static('images/errors/400art.svg') }}" alt=""/> <img src="{{ static('images/errors/400art.svg') }}" alt=""/>
<div class="errorbox"> <div class="errorbox">
<div class="errorcontent"> <div class="errorcontent">
{% if status_code == 405 %}
<h1 class="lead">{{ _("Method not allowed (405)") }}</h1>
{% else %}
<h1 class="lead">{{ _("Page not found (404)") }}</h1> <h1 class="lead">{{ _("Page not found (404)") }}</h1>
{% endif %}
<p> <p>
{% trans %} {% trans %}
If this error is unexpected, you can If this error is unexpected, you can

53
templates/4xx.html Normal file
View File

@ -0,0 +1,53 @@
{% extends "zerver/portico.html" %}
{% block title %}
<title>{{ _("Error") }} | Zulip</title>
{% endblock %}
{% block portico_class_name %}error{% endblock %}
{% block portico_content %}
<div class="error_page">
<div class="container">
<div class="row-fluid">
<div class="errorbox">
<div class="errorcontent">
{% if csrf_failure %}
<h1 class="lead">{{ _("Access forbidden (403)") }}</h1>
<p>
{% trans %}
Your request could not be completed because your
browser did not send the credentials required to authenticate
your access. To resolve this issue:
{% endtrans %}
</p>
<ol>
<li>
{% trans %}
Make sure that your browser allows cookies for this site.
{% endtrans %}
</li>
<li>
{% trans %}
Check for any browser privacy settings or extensions
that block Referer headers, and disable them for
this site.
{% endtrans %}
</li>
</ol>
{% elif status_code == 405 %}
<h1 class="lead">{{ _("Method not allowed (405)") }}</h1>
<p>
{% trans %}
If this error is unexpected, you can
<a href="mailto:{{ support_email }}">contact support</a>.
{% endtrans %}
</p>
{% endif %}
</div>
</div>
</div>
</div>
</div>
{% endblock %}

View File

@ -123,7 +123,7 @@ def require_post(
return json_method_not_allowed(["POST"]) return json_method_not_allowed(["POST"])
else: else:
return TemplateResponse( return TemplateResponse(
request, "404.html", context={"status_code": 405}, status=405 request, "4xx.html", context={"status_code": 405}, status=405
) )
return func(request, *args, **kwargs) return func(request, *args, **kwargs)

View File

@ -19,7 +19,6 @@ from django.utils.crypto import constant_time_compare
from django.utils.deprecation import MiddlewareMixin from django.utils.deprecation import MiddlewareMixin
from django.utils.log import log_response from django.utils.log import log_response
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from django.views.csrf import csrf_failure as html_csrf_failure
from django_scim.middleware import SCIMAuthCheckMiddleware from django_scim.middleware import SCIMAuthCheckMiddleware
from django_scim.settings import scim_settings from django_scim.settings import scim_settings
from sentry_sdk import set_tag from sentry_sdk import set_tag
@ -454,7 +453,7 @@ def csrf_failure(request: HttpRequest, reason: str = "") -> HttpResponse:
if RequestNotes.get_notes(request).error_format == "JSON": if RequestNotes.get_notes(request).error_format == "JSON":
return json_response_from_error(CsrfFailureError(reason)) return json_response_from_error(CsrfFailureError(reason))
else: else:
return html_csrf_failure(request, reason) return render(request, "4xx.html", context={"csrf_failure": True}, status=403)
class LocaleMiddleware(DjangoLocaleMiddleware): class LocaleMiddleware(DjangoLocaleMiddleware):